19-year-old Dutch Man Earned One Million Miles by Hacking United Airlines

Olivier Beg, a 19-year old security researcher based in the Netherlands, flew to Las Vegas for hacker conferences this week using part of a bounty of 1,000,000 million frequent flyer miles he earned from United Airlines as part of a challenge to help the company fix security flaws on its website.

As first reported by the Netherlands Broadcasting Foundation and ZDNet, the Vegas trip only cost Beg 60,000 miles and 5 euros for airport taxes.

United Airlines’ bug bounty program will reward hackers with 1 million miles for remote code execution, 250,000 miles for medium-severity bugs, and 50,000 miles for low-severity issues.

Beg reported 20 separate security flaws to United. The largest single reward he earned was 250,000, but in total he collected 1 million miles.

Since United’s initiative was launched last year, a number of hackers have earned its top prize, including Kyle Lovett, a security penetration tester at Cisco Systems. To date, United is the only U.S. airline to offer a bug bounty. Major car companies offer their own bug-crushing rewards including General Motors, Fiat Chrysler, and Tesla, and earlier this year, the Pentagon and Apple both announced hacking-for-bounty programs.

Christopher Tkaczyk is the Senior News Editor at Travel + Leisure. Follow him on Twitter and Instagram at @ctkaczyk.